Search
18,985 CVEs
CVEs (18,985, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 426–450 of 18,985 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9264 | NONE | — | 2026-05-22 | A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafte… | |
| CVE-2026-9255 | HIGH | Patched | 7.8 | 2026-05-22 | Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, wit… |
| CVE-2026-9243 | MEDIUM | 6.4 | 2026-05-29 | The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carousel_direction' parameter of the Carousel Anything widget in ve… | |
| CVE-2026-9241 | MEDIUM | 4.3 | 2026-05-28 | The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and in… | |
| CVE-2026-9236 | MEDIUM | 4.3 | 2026-05-27 | The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and in… | |
| CVE-2026-9234 | MEDIUM | 4.3 | 2026-06-02 | The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability che… | |
| CVE-2026-9228 | MEDIUM | 4.3 | 2026-05-28 | The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the ac… | |
| CVE-2026-9227 | HIGH | 8.8 | 2026-05-28 | The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1 via the gutenbee_file_and_ext_json … | |
| CVE-2026-9208 | HIGH | Patched | 8.8 | 2026-05-27 | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2026-9207 | HIGH | Patched | 8.8 | 2026-05-27 | Tanium addressed an unauthorized code execution vulnerability in Connect. |
| CVE-2026-9200 | HIGH | 7.5 | 2026-05-27 | The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the shortcode function. This makes it possibl… | |
| CVE-2026-9197 | MEDIUM | 4.9 | 2026-06-06 | The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it… | |
| CVE-2026-9194 | NONE | — | 2026-05-29 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have be… | |
| CVE-2026-9189 | MEDIUM | 5.3 | 2026-05-29 | The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, a… | |
| CVE-2026-9170 | CRITICAL | 9.8 | 2026-05-26 | IBM HTTP Server 8.5, and 9.0 | |
| CVE-2026-9157 | HIGH | Patched | 8.4 | 2026-05-21 | Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from… |
| CVE-2026-9156 | MEDIUM | Patched | 6.5 | 2026-05-27 | Tanium addressed a denial of service vulnerability in Tanium Server. |
| CVE-2026-9152 | NONE | — | 2026-05-21 | A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, sess… | |
| CVE-2026-9150 | MEDIUM | Patched | 6.5 | 2026-05-20 | A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository m… |
| CVE-2026-9149 | MEDIUM | Patched | 6.5 | 2026-05-21 | A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the … |
| CVE-2026-9144 | HIGH | 7.6 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authentica… | |
| CVE-2026-9141 | CRITICAL | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration interface that allows unauthenticated… | |
| CVE-2026-9139 | CRITICAL | 9.8 | 2026-05-20 | Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration interface where authentication is impl… | |
| CVE-2026-9137 | HIGH | Patched | 7.5 | 2026-05-20 | The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint… |
| CVE-2026-9136 | MEDIUM | Patched | 6.5 | 2026-05-20 | A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the … |